WordPress.DB.DirectDatabaseQuery.DirectQuery

Direct Query

The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.

medium weight

Why It Shows Up

Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.

Why It Matters

Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.

How to Fix

  • Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
  • If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
  • Keep schema changes in activation or upgrade routines and make them idempotent.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#2751Product Price History for WooCommerce42101800Nonce verification recommended
#2752Proxy & VPN Blocker4210721k+Nonce verification recommended
#2753Rename wp-admin login4223388k+Output is not escaped
#2754Republish Old Posts4283242k+Output is not escaped
#2755Reusable Blocks Extended42381520k+Output is not escaped
#2756Secure Passkeys42146761k+Exception output is not escaped
#2757Sendcloud Shipping4278565k+Output is not escaped
#2758Set All First Images As Featured424413700Text Domain Mismatch
#2759Simple Googlebot Visit4232671k+Non Singular String Literal Domain
#2760Speed Contact Bar4253205k+Output is not escaped
#2761Starter Sites4262251k+Output is not escaped
#2762Transients Manager42455020k+Output is not escaped
#2763Ultimate Category Excluder42222650k+Missing nonce verification
#2764Ultimate Coming Soon Page, Maintenance Mode & Under Construction – Gutenberg Block Builder & Landing Page4215899k+Non-prefixed global variable
#2765Vast Demo Import42180113600Text Domain Mismatch
#2766WC Price History4218214k+Database parameter is not escaped
#2767Auto Coupons for WooCommerce4281684k+Output is not escaped
#2768WPC Order Notes for WooCommerce422441900Output is not escaped
#2769WP Author Security424013500Output is not escaped
#2770WP Before After Image Slider – Interactive Image and Video Comparison Plugin for WordPress42112171k+Text Domain Mismatch
#2771WP Cron Cleaner425138500Unsafe printing function
#2772Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered)422,5831,82310k+Text Domain Mismatch
#2773WP Fingerprint4234479k+Direct Query
#2774WP Post Redirect4229173k+Unsafe printing function
#2775Advanced All in One Admin Search by WP Spotlight4225251k+Missing Version
#2776Admin Menu Tree Page View43176910k+Nonce verification recommended
#2777Customize Snapshots43942500Nonce verification recommended
#2778Database Addon For WPForms ( wpforms entries ) – WPFormsDB43175320k+Nonce verification recommended
#2779F4 Total Stock Value for WooCommerce4327121k+Output is not escaped
#2780Floating Awesome Button (Sticky Button, Popup, Toast) & 200+ Website Custom Interactive Element4366109800Missing direct file access protection
#2781Hash Form – Drag & Drop Form Builder4392733k+Non-prefixed global variable
#2782Pods Gravity Forms Add-On43791k+Missing nonce verification
#2783Post title marquee scroll4343251k+Output is not escaped
#2784Qodax Checkout Manager – Checkout Field Editor for WooCommerce431727400Interpolated SQL is not prepared
#2785SQL Chart Builder431239600Non-prefixed global variable
#2786Term Management Tools4392610k+Non-prefixed hook name
#2787Terms Order WP – Categories And Taxonomies Order Plugin431247900Non-prefixed global variable
#2788Uber reCaptcha43129451k+Text Domain Mismatch
#2789Ultimate Member Widgets for Elementor – Login Form, Register Form & User Directory4315102400Non-prefixed namespace
#2790User Role Editor43117145700k+Output is not escaped
#2791User Session Control433121700Output is not escaped
#2792utm.codes433433400Missing nonce verification
#2793VA Simple Expires432531800Output is not escaped
#2794Checkout Field Manager (Checkout Manager) for WooCommerce4316115490k+Non-prefixed global variable
#2795WP Hotel Booking WPML Support431052400Direct Query
#2796WP Mail Log43402910k+Text Domain Mismatch
#2797Creative Addons for Elementor4463100800Missing Arg Domain
#2798Debug Bar Console442391k+Missing Arg Domain
#2799ELEX WooCommerce Role Based Pricing442131962k+Non-prefixed global variable
#2800Github Embed4418351k+Non-prefixed global variable